Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders Analysis and Observations
Technical Report
September 2005

Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders
Analysis and Observations

Eric D. Shaw, Consulting & Clinical Psychology, Ltd.
Lynn F. Fischer, Defense Personnel Security Research Center

Approved for Public Distribution: Distribution Unlimited
Research Conducted by Defense Personnel Security Research Center
Released by James A. Riedel, Director, Defense Personnel Security Research Center, 99 Pacific Street, Suite 455-E, Monterey, CA
Preface

This report provides an overview and analysis of 10 insider events that occurred prior to 2003 in infrastructure industries. It concludes with a set of observations that have clear implications for policies and management practices in government and industry. The 10 full case studies, authored by Eric D. Shaw, Ph.D., Consulting & Clinical Psychology, Ltd., are contained in another report that was issued as For Official Use Only in order to respect the confidentiality of private sector companies that were victimized by the offenders.

These cases represent attacks against information systems that are essential for the functioning of national critical infrastructure industries. The threat to organizations in this category is obviously a Department of Defense (DoD) concern; however, insider attacks, not unlike those described here, have also occurred in military departments and Defense agencies. PERSEREC has been tracking events on the government side over the past 3 years and has a growing database of information on trust betrayal involving information systems. A subsequent summary of findings that pertain specifically to the Defense community will be issued at a later date. In the interim, case study work of the type and quality seen here is proving to be invaluable to our understanding of this behavior and of mitigating factors that we would recommend to minimize Defense systems vulnerabilities.

The significance of the analysis of these events extends beyond a concern with the vulnerability of critical information technology (IT) systems. This is an attempt to understand one manifestation of the much larger insider threat to the DoD and the United States. Other dimensions of this threat include insider espionage, concerning which PERSEREC has had a long-term research interest, and the insider threat associated with international terrorism that is only now emerging.

These threats all stem from human problems and vulnerabilities that might be addressed in time to prevent damage or loss by an effective personnel security system working in harmony with employee assistance programs. For this reason, we are particularly interested in implications that focus on pre-employment screening, monitoring on the job, and on how to deal with otherwise valuable personnel who are angry or disgruntled.

James A. Riedel
Director
the expansion of standard pre-employment screening to detect this type of risk. The finding that several subjects had either committed the same or similar crimes before, or went on to repeat their violations, calls attention to the need for a system to track IT offenders better. Table 19 below summarizes these key findings and implications related to personnel management and insider risk.

Table 19
Key Findings and Implications Related to Personnel Management

Key Findings: Risk Factors Related to Personnel Management and Policy that Predict to Greater Vulnerability
- Gaps in personnel and security policies and practices
- High rates of personnel and security policy implementation and enforcement failures
- Lack of technical and human resources and education for policy enforcement
- Offender ability to avoid detection of policy and practice violations
- Failure of basic screening procedures
- Failure of traditional screening methods to detect at-risk online activities
- Tracking failures

Implications Related to Personnel Management and Policy
13. Need for increased education and proliferation of personnel and security policies and practices, audits of policies and practices.
14. Need for increased education and proliferation of personnel and security policy implementation and enforcement methods, management training in enforcement practices, case management training, more reliable consequences for violations.
15. Improved education and awareness training regarding policy enforcement, improved enforcement auditing, increased corporate self-regulation of policy enforcement to avoid liability, government regulation and legislation.
16. Improved education and training of personnel and security personnel responsible for policy implementation and enforcement, and improved technical and human resources to assist these personnel.
17. Need to increase screening requirements.
18. Need to broaden and improve screening to improve detection of hacking and other at-risk, online activities and affiliations, use of security audits early in employment in absence of reliable screening methods.
19. Need to improve availability of information regarding past prosecuted and nonprosecuted violations for pre-employment screening.

Criminal and Incident Investigations

The patterns observed across these cases can potentially aid investigators of insider activity. While there may not be an insider personality profile to facilitate investigation, there are clear patterns in the combined personal backgrounds and work relationships that make these individuals stand out among their peers. The Proprietor and the Hacker perpetrator types provide even more detail on potential suspect characteristics. When partial information on suspects is available that fits these templates, they can provide further investigative guidance. The combination of personal characteristics and problematic interactions in the workplace, identified in these case studies as risk indicators, could help narrow a field of suspects or assist investigators and prosecutors to select appropriate case management strategies.

Future Research

These results provided tentative support for the validity of the critical pathway model and the accompanying at-risk characteristics. The findings also lend support to the accuracy and relevance of the perpetrator typology categories. It would be useful to compare the patterns associated with the critical pathway and the perpetrator typologies to subjects in other types of trust betrayal, including insider espionage, fraud, and support for terrorist organizations.

The research approach could be significantly improved in several ways. An increase in the frequency of subject interviews would fill out the story of these events and provide critical information on the relative balance of individual versus organizational factors that contribute to these episodes. However, these results indicate that subject interviews alone, without workplace and investigator information and coworker interviews, may result in a significant social desirability bias. The three subjects in this sample who agreed to interviews had very specific agendas for doing so. In these cases subject interviews were balanced by alternative views of the event provided by coworkers and supervisors, which in many cases conflicted with those of the subject. The availability of alternate sources provided a deeper understanding of the motivations and behaviors associated with each event. The number and variety of subjects available could be increased easily by expanding the geographic selection area beyond the Washington, DC, to the New York corridor. The research could be further improved by diversifying selection to include cases not handled by law enforcement. The absence of court findings would require strengthening of the criteria to validate the nature of the offense. These preliminary results suggest that there may be differences between criminal cases and those more numerous violations resolved without legal intervention. Expansion of the number of subjects would also allow for more robust data analysis, beyond the examination of trends.

Educational Products

Detailed case studies provide unique educational value. The level of human detail, the focus on seemingly normal workplace events, and the application of critical pathway analysis can be used to sensitize peers, supervisors, and security personnel to insider risks and intervention opportunities. Potential educational and training opportunities and products derived from this research could include:
- Live or taped interviews with subjects, investigators, coworkers and prosecutors from a specific case
- Classroom exercises written around actual case data that would allow participants to role-play interventions at different stages of a case as the risk of an insider attack increases over time
- Structured security and investigative class work utilizing the case patterns identified to help security personnel refine investigative strategies
- Improved red teaming [10] from the insider perspective
- Materials designed to help security personnel work more closely with Human Resources and employee assistance program staff to identify and appropriately intervene with employees at risk for insider activity
- Information designed to help security and counterintelligence personnel prioritize scarce resources to identify groups, as well as individuals, at risk for insider activity.

[10] Red teaming is a strategy for the testing of network defenses against intrusion or attack. A team of technical experts, given authorization to do so, attempts to break into a system from a remote location as would a group of hackers.

Summary

The foregoing 19 specific findings and implications reflect a more limited set of central observations derived from these cases. The following can be considered the primary conclusions and lessons learned from this study that have obvious application to cases like those described here for personnel policy, personnel security practices, technical deterrents, and security education for employee populations.

1. There is a clear relationship between personal stress as well as adverse social climates and the level of risk for systems abuse. Reliance on software solutions or technical deterrents to cyber-crime tends to obscure the importance of addressing personal issues through management interventions and timely referrals to employee assistance programs when appropriate. What is going on in a trusted employee's life (whether it be threatened loss of employment, marital strife, or substance abuse) usually manifests itself in workplace behavior and attitudes. When that person is in control of an IT system, the risk is even greater.

2. Closely related to the above is the policy issue of how to deal with disgruntled employees who have access to critical information systems. Most of the offenders in these case studies were disgruntled for one reason or another. They reacted to their perceptions of injustice by abusive online behavior. An employee who is expressing anger in the workplace, is engaged in conflict with other employees, or is otherwise behaving in a threatening manner needs immediate management intervention. Our cases, albeit limited in number, indicate that there is a time delay in management awareness of employee disgruntlement and therefore a limited window of opportunity for more effective management responsiveness to this challenge. In addition, our limited sample raises questions about the effectiveness of many management approaches once an intervention is attempted. These results and the high-risk levels in such situations argue for the establishment of strict human resources guidelines regarding reporting and intervention with such subjects. These results indicate the need to consider more intensive, multidisciplinary case management and planning, as well as such options as intensive monitoring, restriction on remote system access, counseling, or psychological evaluation to mitigate the threat of systems abuse by employees at risk.

3. Even where disgruntlement or stress are not factors, these cases indicate that an elevated vulnerability to abuse exists in organizations that permit systems administrators or other IT professionals exclusive or proprietary control over their information systems. Where the system administrator has a sense of ownership and possesses technical skills not shared by other members of the organization, a situation exists in which management has no supervisory oversight and may well be intimidated by the administrator. The solution to this vulnerability is to require some type of routine system audit or monitoring by an independent provider or shared responsibilities for IT functions within the organization by technically qualified persons.

4. Inadequate termination policies appear to have been a contributing factor in several cases studied here and in other insider events evaluated by the research team. Where termination of employment or temporary probation appears to be a necessary action in extreme cases, the organization must protect itself and its systems from acts of retribution. Immediate suspension of system access (remote and on site) as well as physical access to the workplace by a terminated employee may be warranted, particularly when that employee has had some level of functional control of the IT system.

5. While remote access to a critical information system can be justified as a convenience or as a necessity stemming from mission requirements, experience indicates that unmonitored remote access carries intensified risks to an IT system. System vulnerability is heightened by not suspending remote access privileges of an employee who is barred from the workplace, known to be disgruntled, or who has a history of disregarding security rules and procedures.

6. It is clear that some of the system abuse reported in these cases would not have occurred had there been effective pre-employment screening of job applicants, particularly in regard to past history of online and criminal behavior. Employers, whether in government or the private sector, face serious risks by hiring IT professionals based simply on personal recommendation or paper credentials. However, several of these cases indicate the inadequacy of standard background checks for detection of prior activities of concern which were not prosecuted or not part of the public record, for example, hacker activity. This screening gap and the quickness with which several of these subjects violated information security protocols upon their arrival in the workplace argue for probationary audits of the computer activity of new IT employees.
7. A review of these cases in the private sector and of insider cyber-crime and abuse in DoD organizations shows that some of these damaging events could have been avoided by adequate security training, education, and awareness for employees having access to, or control over, critical information systems. Educational and awareness programs for the workforce and the timing of awareness communications may be geared to activate during periods of higher vulnerability for the organization or during a window of opportunity after signs of employee disgruntlement surface.

8. In some of these cases, the failure to alert management to at-risk subject behaviors can be attributed to gaps in security policy. Also seen was inadequate enforcement and follow-up to policy violations due to a lack of resources or personnel training. Several subjects were simply able to evade security policies because they had IT skills superior to those responsible for enforcement. The content of education and training to address these gaps should include not only technical vulnerabilities but also security policies, deterrent measures, coworker responsibilities, and consequences for systems and for offending employees resulting from insider abuse. The use of actual case studies such as those described in these companion reports can enhance the effectiveness of these educational efforts.
КОРПОРАТИВНОЕ ЗДОРОВЬЕ CORPORATE HEALTH Workplace Alcohol/Drug Abuse Intervention Program WHO states that the level of alcohol use and abuse in Russia is one of the highest in the world Under the statement
More informationIISUP-. NAVAL SUPPLY SVSTE:MS COMMAND. Ready. Resourceful. Responsive!
~ IISUP-. NAVAL SUPPLY SVSTE:MS COMMAND Ready. Resourceful. Responsive! Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated
More informationCUNY New York Workplace Violence Policy and Procedures
CUNY New York Workplace Violence Policy and Procedures The City University of New York has a longstanding commitment to promoting a safe and secure academic and work environment that promotes the achievement
More informationFIN-2014-A007 August 11, 2014
FIN-2014-A007 August 11, 2014 Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance BSA/AML shortcomings have triggered recent civil and criminal enforcement actions FinCEN seeks
More informationScope of Workplace Violence Program 2, 3. Types of Workplace Violence Events 4, 5. Preventative Measures 6, 7. Responding to Workplace Violence 8, 9
TABLE OF CONTENTS Contents Page Introduction 1 Scope of Workplace Violence Program 2, 3 Types of Workplace Violence Events 4, 5 Preventative Measures 6, 7 Responding to Workplace Violence 8, 9 1 Shasta
More informationThe Second Responders Program: A Coordinated Police and Social Service Response to Domestic Violence
The Second Responders Program: A Coordinated Police and Social Service Response to Domestic Violence By Erin Lane, Rosann Greenspan, and David Weisburd 2004 NCJ 199717 Erin Lane, M.P.H., is with the Police
More informationCYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES
COMMITTEE OF EXPERTS ON TERRORISM (CODEXTER) CYBERTERRORISM THE USE OF THE INTERNET FOR TERRORIST PURPOSES UNITED STATES OF AMERICA September 2007 Kapitel 1 www.coe.int/gmt The responses provided below
More informationFor purposes of this policy, the following terms will be defined as follows.
DOMESTIC VIOLENCE AND THE WORKPLACE POLICY STATEMENT The City University of New York ( CUNY ) disapproves of violence against women, men, or children in any form, whether as an act of workplace violence
More informationLaw, Public Safety, Corrections and Security Career Cluster Criminal Investigations Course Number: 43.45300
Law, Public Safety, Corrections and Security Career Cluster Criminal Investigations Course Number: 43.45300 Course Description: This course is designed to provide students with an opportunity to explore
More informationRT 24 - Architecture, Modeling & Simulation, and Software Design
RT 24 - Architecture, Modeling & Simulation, and Software Design Dennis Barnabe, Department of Defense Michael zur Muehlen & Anne Carrigy, Stevens Institute of Technology Drew Hamilton, Auburn University
More informationSUNY Delhi Domestic Violence and the Workplace Policy
SUNY Delhi Domestic Violence and the Workplace Policy Policy Statement Domestic violence permeates the lives and compromises the safety of thousands of New York State employees each day, with tragic, destructive,
More informationGraduate Level Credit for Resident EWS Students. Natasha McEachin CG 1
Graduate Level Credit for Resident EWS Students Natasha McEachin CG 1 February 20, 2009 1 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information
More informationJohn Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011
John Mathieson US Air Force (WR ALC) Systems & Software Technology Conference Salt Lake City, Utah 19 May 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the
More informationState University of New York at Potsdam. Workplace Violence Prevention Policy and Procedures
State University of New York at Potsdam Workplace Violence Prevention Policy and Procedures Revision Date: September 15, 2015 Page 1 of 7 TABLE OF CONTENTS Policy... 3 Statement... 3 Definitions... 3 Application
More informationAFRL-RX-WP-TP-2008-4023
AFRL-RX-WP-TP-2008-4023 HOW KILLDEER MOUNTAIN MANUFACTURING IS OPTIMIZING AEROSPACE SUPPLY CHAIN VISIBILITY USING RFID (Postprint) Jeanne Duckett Killdeer Mountain Manufacturing, Inc. FEBRUARY 2008 Final
More informationDisaster Behavioral Health Capacity Assessment Tool
What is Disaster Behavioral Health? Disaster behavioral health is the provision of mental health, substance abuse, and stress management services to disaster survivors and responders. Following an emergency
More informationBEADLE COUNTY PROCEDURES AND POLICIES FOR PROSECUTION OF DOMESTIC VIOLENCE AND PROTECTION ORDER VIOLATIONS
BEADLE COUNTY PROCEDURES AND POLICIES FOR PROSECUTION OF DOMESTIC VIOLENCE AND PROTECTION ORDER VIOLATIONS I. Policy statement. A. Overview. South Dakota prosecutors have made significant strides in the
More informationH. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
More informationDomestic Violence Laws and the Illinois Domestic Violence Act
CHAPTER 8 Domestic Violence Laws and the Illinois Domestic Violence Act Although clergy and other spiritual leaders may not be directly involved in the legal procedures described below, it is important
More informationFAQ s for Defense Attorneys Community-Based Domestic Violence Advocates: A Resource for Battered Women Charged with Crimes
FAQ s for Defense Attorneys Community-Based Domestic Violence Advocates: A Resource for Battered Women Charged with Crimes The content for this article was developed by a group of attorneys and community-based
More informationHIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards
More informationPublic Opinion on Selected National Security Issues: 1994-2000
Management Report 01-4 October 2001 Public Opinion on Selected National Security Issues: 1994-2000 Suzanne Wood Defense Personnel Security Research Center Released by James A. Riedel Director Defense Personnel
More informationBUREAU OF SECURITY AND INVESTIGATIVE SERVICES Title 16, Division 7 of the California Code of Regulations
BUREAU OF SECURITY AND INVESTIGATIVE SERVICES Title 16, Division 7 of the California Code of Regulations ARTICLE 9. SKILLS TRAINING COURSE FOR SECURITY GUARDS 643. SKILLS TRAINING COURSE FOR SECURITY GUARDS
More informationAN INFORMATION GOVERNANCE BEST
SMALL BUSINESS ID THEFT AND FRAUD AN INFORMATION GOVERNANCE BEST PRACTICES GUIDE FOR SMALL BUSINESS IT IS NOT A MATTER OF IF BUT WHEN AN INTRUSION WILL BE ATTEMPTED ON YOUR BUSINESS COMPUTER SYSTEM IN
More informationIOWA ATTORNEY GENERALS OFFICE PROCEDURES AND POLICIES FOR PROSECUTION OF DOMESTIC ABUSE CASES Iowa Code 13.2(14) (2007)
IOWA ATTORNEY GENERALS OFFICE PROCEDURES AND POLICIES FOR PROSECUTION OF DOMESTIC ABUSE CASES Iowa Code 13.2(14) (2007) I. Policy statement. A. Overview. Iowa county attorneys have made significant strides
More informationColumbus Police Division Directive. I. Introduction. II. Definitions. Aug. 30, 1995 9.02 REVISED. Employee Development Programs
Columbus Police Division Directive EFFECTIVE NUMBER Aug. 30, 1995 9.02 REVISED TOTAL PAGES Sep. 30, 2014 7 Employee Development Programs I. Introduction The Division of Police recognizes the value of identifying
More informationTHE FLATWORLD SIMULATION CONTROL ARCHITECTURE (FSCA): A FRAMEWORK FOR SCALABLE IMMERSIVE VISUALIZATION SYSTEMS
THE FLATWORLD SIMULATION CONTROL ARCHITECTURE (FSCA): A FRAMEWORK FOR SCALABLE IMMERSIVE VISUALIZATION SYSTEMS Anton Treskunov, Jarrell Pair*, and Bill Swartout Institute for Creative Technologies University
More informationI N S T I T U T E F O R D E FE N S E A N A L Y S E S NSD-5216
I N S T I T U T E F O R D E FE N S E A N A L Y S E S NSD-5216 A Consistent Approach for Security Risk Assessments of Dams and Related Critical Infrastructure J. Darrell Morgeson Jason A. Dechant Yev Kirpichevsky
More informationWORKPLACE VIOLENCE POLICY
WORKPLACE VIOLENCE POLICY SUNY Canton is committed to providing a safe work environment for all employees that is free from intimidation, threats, and violent acts. The college will respond promptly to
More informationCalifornia s Alternative Sentencing Law for Veterans and Members of the U.S. Military
California s Alternative Sentencing Law for Veterans and Members of the U.S. Military You re a veteran, or maybe you re still in the military. But now you re looking at time in county jail or state prison.
More informationEstablishing a State Cyber Crimes Unit White Paper
Establishing a State Cyber Crimes Unit White Paper Utah Department of Public Safety Commissioner Keith Squires Deputy Commissioner Jeff Carr Major Brian Redd Utah Statewide Information & Analysis Center
More informationFIRST IMPRESSION EXPERIMENT REPORT (FIER)
THE MNE7 OBJECTIVE 3.4 CYBER SITUATIONAL AWARENESS LOE FIRST IMPRESSION EXPERIMENT REPORT (FIER) 1. Introduction The Finnish Defence Forces Concept Development & Experimentation Centre (FDF CD&E Centre)
More informationFEDERAL IDENTITY THEFT TASK FORCE. On May 10, 2006, the President signed an Executive Order establishing an Identity Theft
FEDERAL IDENTITY THEFT TASK FORCE Attorney General Alberto Gonzales Federal Trade Commission Chairman Deborah Platt Majoras On May 10, 2006, the President signed an Executive Order establishing an Identity
More informationMyths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)
Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,
More informationOffice of Security Management (213) 974-7926
PREPARED BY OCCUPATIONAL HEALTH PROGRAMS CHIEF EXECUTIVE OFFICE RISK MANAGEMENT BRANCH October 2007 Section Page STATEMENT OF PURPOSE...3 Psychiatric Emergencies AUTHORITY & CIVIL SERVICE RULES... 4 Application
More informationHow To Prevent Sexual Harassment
MODEL LAW ON SEXUAL HARASSMENT 0 MODEL LAW ON SEXUAL HARASSMENT Table of Contents Chapter I: General Provisions... 2 Article 1: [Title]... 2 Article 2: Purpose... 2 Article 3: Application... 2 Article
More informationDEFENSE BUSINESS PRACTICE IMPLEMENTATION BOARD
Defense Business Practice Implementation Board DEFENSE BUSINESS PRACTICE IMPLEMENTATION BOARD Report to the Senior Executive Council, Department of Defense MANAGEMENT INFORMATION TASK GROUP Report FY02-3
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationCancellation of Nongroup Health Insurance Policies
Cancellation of Nongroup Health Insurance Policies Bernadette Fernandez Specialist in Health Care Financing Annie L. Mach Analyst in Health Care Financing November 19, 2013 Congressional Research Service
More informationColorado Department of Human Services (CDHS) Preventing Violence in the Workplace: Model Program page 1 as reprinted on www.makeityourbusiness.
Preventing Violence in the Workplace: Model Program page 1 This tool has been developed by the Colorado Department of Human Services. It addresses workplace violence in general. It can be adapted to meet
More informationThe Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.
The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco. 1 Calling All CEOs Are You Ready to Defend the Battlefield of the 21st Century? It is not the norm for corporations to be
More informationADDRESSES SYSTEM LOCATION
Volume 80, Number 28 Wednesday, February 11, 2015 Public Notice 9034; Pages 7671 Privacy Act; System of Records: Medical Records, State-24 SUMMARY: Notice is hereby given that the Department of State proposes
More informationGLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation
GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708
More informationNEW HAMPSHIRE E SCHOOL BOARDS ASSOCIATION Theodore E. Comstock, Executive Director Barrett M. Christina, Staff Attorney 603-228-2061 www.nhsba.
NEW HAMPSHIRE E SCHOOL BOARDS ASSOCIATION Theodore E. Comstock, Executive Director Barrett M. Christina, Staff Attorney 603-228-2061 www.nhsba.org Investigating Allegations of Employee Misconduct October
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationIntegrity Continuity: Avoiding and Surviving (Un)Ethical Disasters. Robert C. Chandler, Ph.D., Pepperdine University Malibu, California USA
Integrity Continuity: Avoiding and Surviving (Un)Ethical Disasters Robert C. Chandler, Ph.D., Pepperdine University Malibu, California USA Changing our Minds It couldn t happen to us a false sense of security,
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationCOUNTERINTELLIGENCE VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA
COUNTERINTELLIGENCE VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA 09/1 8/2009 version UNCLASSIFIED//FOR OFFICIAL USE ONLY Cl VULNERABILITY ASSESSMENT FOR CORPORATE AMERICA DEFINING COUNTERINTELLIGENCE
More informationFederal Bureau of Investigation
Federal Bureau of Investigation SSA John Caruthers Cyber Criminal Section SSA Kenneth Schmutz Cyber National Security Section April 11, 2012 FBI Mission Cyber Threats FBI Response 1. Protect the United
More informationUniversity of California Policy
University of California Policy HIPAA Uses and Disclosures Responsible Officer: Senior Vice President/Chief Compliance and Audit Officer Responsible Office: Ethics, Compliance and Audit Services Effective
More information2 Gabi Siboni, 1 Senior Research Fellow and Director,
Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,
More informationHow To Implement International Terrorism Agreements
STATEMENT OF BRAD WIEGMANN DEPUTY ASSISTANT ATTORNEY GENERAL DEPARTMENT OF JUSTICE BEFORE THE SUBCOMMITTEE ON CRIME, TERRORISM, AND HOMELAND SECURITY COMMITTEE ON THE JUDICIARY UNITED STATES HOUSE OF REPRESENTATIVES
More informationCRIMINAL LAW AND VICTIMS RIGHTS
Chapter Five CRIMINAL LAW AND VICTIMS RIGHTS In a criminal case, a prosecuting attorney (working for the city, state, or federal government) decides if charges should be brought against the perpetrator.
More informationData Privacy and Gramm- Leach-Bliley Act Section 501(b)
Data Privacy and Gramm- Leach-Bliley Act Section 501(b) October 2007 2007 Enterprise Risk Management, Inc. Agenda Introduction and Fundamentals Gramm-Leach-Bliley Act, Section 501(b) GLBA Life Cycle Enforcement
More informationNegotiation, Conflict Resolution and Peacebuilding
Negotiation, Conflict Resolution and Peacebuilding College of Arts and Humanities Master of Arts Program Description The Negotiation, Conflict Resolution and Peacebuilding Program involves a comprehensive
More informationHalifax Regional Municipality ( HRM ) Substance Abuse Prevention Policy ( Policy )
Halifax Regional Municipality ( HRM ) Substance Abuse Prevention Policy ( Policy ) I. Policy Statement and Purpose Halifax Regional Municipality ( HRM ) is committed to providing a safe work environment
More informationMr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency. May 11, 2011
Mr. Steve Mayer, PMP, P.E. McClellan Remediation Program Manger Air Force Real Property Agency May 11, 2011 Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection
More informationDr. Gary S. E. Lagerloef Earth and Space Research, 1910 Fairview Ave E
Establishing a NOAA Operational Data Center for Surface Currents Derived from Satellite Altimeters and Scatterometers; Pilot Study for the Tropical Pacific Including the Hawaiian Islands and US Territorial
More informationPOLICE SERIES. Promotional Line: 144
POLICE SERIES Occ. Work Prob. Effective Last Code No. Class Title Area Area Period Date Action 3086 Police Officer 13 069 12 mo. 06/01/10 Rev. 2787 Police Corporal 13 069 12 mo. 06/01/10 Rev. 3081 Police
More informationHow To Get A Computer Hacking Program
CHFI v8(computer Hacking Forensics Investigator) Course Description & Overview Overview CHFIv8 Course Description EC-Council releases the brand new Version 8 of the Computer Hacking Forensics Investigator
More information